Re: [PATCH 4.19 5.4 5.10 5.15 6.1] nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

On Sun, Sep 03, 2023 at 12:10:00AM +0900, Ryusuke Konishi wrote:
> commit f83913f8c5b882a312e72b7669762f8a5c9385e4 upstream.
> 
> A syzbot stress test reported that create_empty_buffers() called from
> nilfs_lookup_dirty_data_buffers() can cause a general protection fault.
> 
> Analysis using its reproducer revealed that the back reference "mapping"
> from a page/folio has been changed to NULL after dirty page/folio gang
> lookup in nilfs_lookup_dirty_data_buffers().
> 
> Fix this issue by excluding pages/folios from being collected if, after
> acquiring a lock on each page/folio, its back reference "mapping" differs
> from the pointer to the address space struct that held the page/folio.
> 
> Link: https://lkml.kernel.org/r/20230805132038.6435-1-konishi.ryusuke@gmail.com
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Reported-by: syzbot+0ad741797f4565e7e2d2@syzkaller.appspotmail.com
> Closes: https://lkml.kernel.org/r/0000000000002930a705fc32b231@google.com
> Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
> ---
> Please apply this patch to the above stable trees instead of the patch
> that could not be applied to them.  This patch resolves the conflict
> caused by the recent page to folio conversion applied in
> nilfs_lookup_dirty_data_buffers().  The general protection fault reported
> by syzbot reproduces on these stable kernels before the page/folio
> conversion is applied.  This fixes it.
> 
> With this tweak, this patch is applicable from v4.15 to v6.2.  Also,
> this patch has been tested against the -stable trees of each version in
> the subject prefix.

Now queued up, thanks.

greg k-h